SEC-618: Move copyDetails method into ProviderManager and call it before checking with ConcurrentSessionController.

2025-06-24 04:52:16 +00:00 · 2007-12-07 16:17:59 +00:00 · 2007-12-07 16:17:59 +00:00 · 2b0ee23396
commit 2b0ee23396
parent 89cde2507d
2 changed files with 17 additions and 19 deletions
--- a/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
+++ b/core/src/main/java/org/acegisecurity/AbstractAuthenticationManager.java
@ -42,31 +42,13 @@ public abstract class AbstractAuthenticationManager implements AuthenticationMan
    public final Authentication authenticate(Authentication authRequest)
        throws AuthenticationException {
        try {
-            Authentication authResult = doAuthentication(authRequest);
-            copyDetails(authRequest, authResult);
-
-            return authResult;
+            return doAuthentication(authRequest);
        } catch (AuthenticationException e) {
            e.setAuthentication(authRequest);
            throw e;
        }
    }

-    /**
-     * Copies the authentication details from a source Authentication object to a destination one, provided the
-     * latter does not already have one set.
-     *
-     * @param source source authentication
-     * @param dest the destination authentication object
-     */
-    private void copyDetails(Authentication source, Authentication dest) {
-        if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
-            AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
-
-            token.setDetails(source.getDetails());
-        }
-    }
-
    /**
     * <p>Concrete implementations of this class override this method to provide the authentication service.</p>
     *  <p>The contract for this method is documented in the {@link
--- a/core/src/main/java/org/acegisecurity/providers/ProviderManager.java
+++ b/core/src/main/java/org/acegisecurity/providers/ProviderManager.java
@ -193,6 +193,7 @@ public class ProviderManager extends AbstractAuthenticationManager implements In

                try {
                    result = provider.authenticate(authentication);
+                    copyDetails(authentication, result);
                    sessionController.checkAuthenticationAllowed(result);
                } catch (AuthenticationException ae) {
                    lastException = ae;
@ -245,6 +246,21 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
        throw lastException;
    }

+    /**
+     * Copies the authentication details from a source Authentication object to a destination one, provided the
+     * latter does not already have one set.
+     *
+     * @param source source authentication
+     * @param dest the destination authentication object
+     */
+    private void copyDetails(Authentication source, Authentication dest) {
+        if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
+            AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
+
+            token.setDetails(source.getDetails());
+        }
+    }
+
    public List getProviders() {
        return this.providers;
    }